package com.dzf.config;

import org.checkerframework.checker.units.qual.A;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.*;

import java.util.ArrayList;
import java.util.List;

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private  AuthenticationManager authenticationManagerBean;

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Autowired
    private TokenStore redisTokenStore;

    @Autowired
    private UserDetailsService userDetailsService;


    /**
     * OAuth2客户端
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                // 定义客户端id
                .withClient("sobook")
                // 定义客户端密码
                .secret(passwordEncoder.encode("223344"))
                // 定义类型
                .authorizedGrantTypes("authorization_code","password")
                // 定义回调地址
                .redirectUris("http://www.baidu.com")
                .autoApprove(true)
                // 允许的授权范围
                .scopes("all");

    }

    /**
     * 配置授权服务器端点的非安全功能，
     * 如令牌存储、令牌定制、用户批准和授权类型。默认情况下你不需要做任何事情，除非你需要密码授权，
     * 在这种情况下你需要提供一个 authenticationManagerBean
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
                //redis缓存token
        endpoints.tokenStore(redisTokenStore)
                .authenticationManager(authenticationManagerBean)
                // 指定密码比对方式 和 用户的信息处理类;
                .userDetailsService(userDetailsService);

    }


    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        // 允许通过Form表单来实现客户端验证
        security.allowFormAuthenticationForClients()
                // 认证之后才可以实现token查询
                .checkTokenAccess("isAuthenticated()")
                // 获取token的时候不拦截
                .tokenKeyAccess("permitAll()")
                // 客户端登录的时候是需要进行密码输入的
                .passwordEncoder(this.passwordEncoder);
    }




}
